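/**
 * ipcperms - check the caller's access rights on a System V IPC object
 * @ipcp: permission descriptor of the IPC object being accessed
 * @flag: requested access bits; will most probably be 0 or S_...UGO
 *        from <linux/stat.h>
 *
 * Exactly one permission triple of ipcp->mode is consulted: the owner
 * triple if the caller's effective UID matches the object's creator or
 * owner UID, otherwise the group triple if the caller belongs to the
 * creator or owner group, otherwise the "other" triple. The classes are
 * exclusive, so an owner whose triple lacks a bit is not rescued by a
 * more permissive group or "other" triple.
 *
 * Return: -1 if a requested bit is not granted and the caller lacks
 * CAP_IPC_OWNER; otherwise the result of security_ipc_permission().
 */
int ipcperms(struct kern_ipc_perm *ipcp, short flag)
{
	int requested_mode, granted_mode;

	/* Fold the three triples of flag onto the low three bits. */
	requested_mode = (flag >> 6) | (flag >> 3) | flag;
	granted_mode = ipcp->mode;

	/* Move the triple that applies to the caller into the low three bits. */
	if (current->euid == ipcp->cuid || current->euid == ipcp->uid)
		granted_mode >>= 6;
	else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid))
		granted_mode >>= 3;

	/*
	 * Is there some bit set in requested_mode but not in granted_mode?
	 * capable() is evaluated only in that case; CAP_IPC_OWNER overrides
	 * the mode-bit check entirely.
	 */
	if ((requested_mode & ~granted_mode & 0007) &&
	    !capable(CAP_IPC_OWNER))
		return -1;

	/*
	 * The security hook is reached only after the mode-bit check has
	 * passed or been overridden, and its result is returned unchanged,
	 * so it cannot grant access that was refused above.
	 */
	return security_ipc_permission(ipcp, flag);
}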

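The requested mode (requested_mode) is built by OR-ing flag with copies of itself shifted right by 6 and by 3 bits, so that the requested permission bits end up in the low three bits. granted_mode initially holds the mode bits of the IPC object. Depending on whether the user himself, a member of the group, or someone else wants to perform a specific operation, the contents of granted_mode are shifted to the right such that the appropriate bit-triple resides in the low three bits. Only one triple is consulted: once the caller matches as owner, the group and "other" bits are no longer considered. If a bit is set in the low three bits of requested_mode but not in those of granted_mode, permission is denied, unless the process holds the CAP_IPC_OWNER capability, which overrides the mode bits. security_ipc_permission hooks into other security frameworks like SELinux, which are potentially active but need not concern us here; because it is called only after the mode check has passed, it cannot grant access that the mode check refused.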
